This week, PhishLabs analysts have detected a new TrickBot campaign that began at approximately 23:30 EST on July 17th, and continued through the evening of July 18th before ending later that night.
Thousands of lures were detected, the bulk of which were sent between 12:30 - 15:30 EST on July 18th.
But let’s back up a little.
In case you missed it first time around, TrickBot is a prominent example of a type of malware known as a Trojan. Like the Trojan from which it was developed, Dyre, Trickbot is configured to steal banking credentials.
Once a victim's machine is infected, Trickbot sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. As a result, many victims are unaware their machine has been infected.